ia64/xen-unstable

changeset 14200:035d41b6c94c

acm: Fix the traversal of the event channel buckets and use the active
grant table entries instead of the shared ones. I had to move some
functions from grant_table.c into grant_table.h to make them usable by
the ACM module.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author kfraser@localhost.localdomain
date Thu Mar 01 13:45:53 2007 +0000 (2007-03-01)
parents bdebca505d8e
children 780ef7701772
files xen/acm/acm_simple_type_enforcement_hooks.c xen/common/grant_table.c xen/include/xen/grant_table.h
line diff
     1.1 --- a/xen/acm/acm_simple_type_enforcement_hooks.c	Thu Mar 01 12:23:44 2007 +0000
     1.2 +++ b/xen/acm/acm_simple_type_enforcement_hooks.c	Thu Mar 01 13:45:53 2007 +0000
     1.3 @@ -177,7 +177,7 @@ ste_init_state(struct acm_ste_policy_buf
     1.4      ssidref_t ste_ssidref, ste_rssidref;
     1.5      struct domain *d, *rdom;
     1.6      domid_t rdomid;
     1.7 -    struct grant_entry sha_copy;
     1.8 +    struct active_grant_entry *act;
     1.9      int port, i;
    1.10  
    1.11      rcu_read_lock(&domlist_read_lock);
    1.12 @@ -185,64 +185,75 @@ ste_init_state(struct acm_ste_policy_buf
    1.13      /* go through all domains and adjust policy as if this domain was started now */
    1.14      for_each_domain ( d )
    1.15      {
    1.16 +        struct evtchn *ports;
    1.17 +        unsigned int bucket;
    1.18          ste_ssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
    1.19                               (struct acm_ssid_domain *)d->ssid);
    1.20          ste_ssidref = ste_ssid->ste_ssidref;
    1.21          traceprintk("%s: validating policy for eventch domain %x (ste-Ref=%x).\n",
    1.22                      __func__, d->domain_id, ste_ssidref);
    1.23          /* a) check for event channel conflicts */
    1.24 -        for (port=0; port < NR_EVTCHN_BUCKETS; port++) {
    1.25 +        for (bucket = 0; bucket < NR_EVTCHN_BUCKETS; bucket++) {
    1.26              spin_lock(&d->evtchn_lock);
    1.27 -            if (d->evtchn[port] == NULL ||
    1.28 -                d->evtchn[port]->state == ECS_UNBOUND) {
    1.29 +            ports = d->evtchn[bucket];
    1.30 +            if (ports == NULL) {
    1.31                  spin_unlock(&d->evtchn_lock);
    1.32 -                continue;
    1.33 +                break;
    1.34              }
    1.35 -            if (d->evtchn[port]->state == ECS_INTERDOMAIN) {
    1.36 -                rdom = d->evtchn[port]->u.interdomain.remote_dom;
    1.37 -                rdomid = rdom->domain_id;
    1.38 -            } else {
    1.39 -                spin_unlock(&d->evtchn_lock);
    1.40 -                continue; /* port unused */
    1.41 +
    1.42 +            for (port=0; port < EVTCHNS_PER_BUCKET; port++) {
    1.43 +                if (ports[port].state == ECS_INTERDOMAIN) {
    1.44 +                    rdom = ports[port].u.interdomain.remote_dom;
    1.45 +                    rdomid = rdom->domain_id;
    1.46 +                } else {
    1.47 +                    continue; /* port unused */
    1.48 +                }
    1.49 +
    1.50 +                /* rdom now has remote domain */
    1.51 +                ste_rssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,
    1.52 +                                      (struct acm_ssid_domain *)(rdom->ssid));
    1.53 +                ste_rssidref = ste_rssid->ste_ssidref;
    1.54 +                traceprintk("%s: eventch: domain %x (ssidref %x) --> "
    1.55 +                            "domain %x (rssidref %x) used (port %x).\n",
    1.56 +                            __func__, d->domain_id, ste_ssidref,
    1.57 +                            rdom->domain_id, ste_rssidref, port);
    1.58 +                /* check whether on subj->ssid, obj->ssid share a common type*/
    1.59 +                if (!have_common_type(ste_ssidref, ste_rssidref)) {
    1.60 +                    printkd("%s: Policy violation in event channel domain "
    1.61 +                            "%x -> domain %x.\n",
    1.62 +                            __func__, d->domain_id, rdomid);
    1.63 +                    spin_unlock(&d->evtchn_lock);
    1.64 +                    goto out;
    1.65 +                }
    1.66              }
    1.67              spin_unlock(&d->evtchn_lock);
    1.68 +        } 
    1.69  
    1.70 -            /* rdom now has remote domain */
    1.71 -            ste_rssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
    1.72 -                                  (struct acm_ssid_domain *)(rdom->ssid));
    1.73 -            ste_rssidref = ste_rssid->ste_ssidref;
    1.74 -            traceprintk("%s: eventch: domain %x (ssidref %x) --> domain %x (rssidref %x) used (port %x).\n", 
    1.75 -                        __func__, d->domain_id, ste_ssidref, rdom->domain_id, ste_rssidref, port);  
    1.76 -            /* check whether on subj->ssid, obj->ssid share a common type*/
    1.77 -            if (!have_common_type(ste_ssidref, ste_rssidref)) {
    1.78 -                printkd("%s: Policy violation in event channel domain %x -> domain %x.\n",
    1.79 -                        __func__, d->domain_id, rdomid);
    1.80 -                goto out;
    1.81 -            }
    1.82 -        } 
    1.83          /* b) check for grant table conflicts on shared pages */
    1.84          spin_lock(&d->grant_table->lock);
    1.85 -        for ( i = 0; i < nr_grant_entries(d->grant_table); i++ ) {
    1.86 -#define SPP (PAGE_SIZE / sizeof(struct grant_entry))
    1.87 -            sha_copy = d->grant_table->shared[i/SPP][i%SPP];
    1.88 -            if ( sha_copy.flags ) {
    1.89 -                printkd("%s: grant dom (%hu) SHARED (%d) flags:(%hx) dom:(%hu) frame:(%lx)\n",
    1.90 -                        __func__, d->domain_id, i, sha_copy.flags, sha_copy.domid, 
    1.91 -                        (unsigned long)sha_copy.frame);
    1.92 -                rdomid = sha_copy.domid;
    1.93 +        for ( i = 0; i < nr_active_grant_frames(d->grant_table); i++ ) {
    1.94 +#define APP (PAGE_SIZE / sizeof(struct active_grant_entry))
    1.95 +            act = &d->grant_table->active[i/APP][i%APP];
    1.96 +            if ( act->pin != 0 ) {
    1.97 +                printkd("%s: grant dom (%hu) SHARED (%d) pin (%d)  "
    1.98 +                        "dom:(%hu) frame:(%lx)\n",
    1.99 +                        __func__, d->domain_id, i, act->pin,
   1.100 +                        act->domid, (unsigned long)act->frame);
   1.101 +                rdomid = act->domid;
   1.102                  if ((rdom = rcu_lock_domain_by_id(rdomid)) == NULL) {
   1.103                      spin_unlock(&d->grant_table->lock);
   1.104                      printkd("%s: domain not found ERROR!\n", __func__);
   1.105                      goto out;
   1.106 -                };
   1.107 +                }
   1.108                  /* rdom now has remote domain */
   1.109 -                ste_rssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
   1.110 +                ste_rssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY,
   1.111                                        (struct acm_ssid_domain *)(rdom->ssid));
   1.112                  ste_rssidref = ste_rssid->ste_ssidref;
   1.113                  rcu_unlock_domain(rdom);
   1.114                  if (!have_common_type(ste_ssidref, ste_rssidref)) {
   1.115                      spin_unlock(&d->grant_table->lock);
   1.116 -                    printkd("%s: Policy violation in grant table sharing domain %x -> domain %x.\n",
   1.117 +                    printkd("%s: Policy violation in grant table "
   1.118 +                            "sharing domain %x -> domain %x.\n",
   1.119                              __func__, d->domain_id, rdomid);
   1.120                      goto out;
   1.121                  }
     2.1 --- a/xen/common/grant_table.c	Thu Mar 01 12:23:44 2007 +0000
     2.2 +++ b/xen/common/grant_table.c	Thu Mar 01 13:45:53 2007 +0000
     2.3 @@ -78,27 +78,6 @@ static unsigned inline int max_nr_maptra
     2.4      return (max_nr_grant_frames * MAX_MAPTRACK_TO_GRANTS_RATIO);
     2.5  }
     2.6  
     2.7 -static inline unsigned int
     2.8 -num_act_frames_from_sha_frames(const unsigned int num)
     2.9 -{
    2.10 -    /* How many frames are needed for the active grant table,
    2.11 -     * given the size of the shared grant table?
    2.12 -     *
    2.13 -     * act_per_page = PAGE_SIZE / sizeof(active_grant_entry_t);
    2.14 -     * sha_per_page = PAGE_SIZE / sizeof(grant_entry_t);
    2.15 -     * num_sha_entries = num * sha_per_page;
    2.16 -     * num_act_frames = (num_sha_entries + (act_per_page-1)) / act_per_page;
    2.17 -     */
    2.18 -    return ((num * (PAGE_SIZE / sizeof(grant_entry_t))) +
    2.19 -            ((PAGE_SIZE / sizeof(struct active_grant_entry))-1))
    2.20 -           / (PAGE_SIZE / sizeof(struct active_grant_entry));
    2.21 -}
    2.22 -
    2.23 -static inline unsigned int
    2.24 -nr_active_grant_frames(struct grant_table *gt)
    2.25 -{
    2.26 -    return num_act_frames_from_sha_frames(nr_grant_frames(gt));
    2.27 -}
    2.28  
    2.29  #define SHGNT_PER_PAGE (PAGE_SIZE / sizeof(grant_entry_t))
    2.30  #define shared_entry(t, e) \
     3.1 --- a/xen/include/xen/grant_table.h	Thu Mar 01 12:23:44 2007 +0000
     3.2 +++ b/xen/include/xen/grant_table.h	Thu Mar 01 13:45:53 2007 +0000
     3.3 @@ -120,4 +120,26 @@ static inline unsigned int nr_grant_entr
     3.4      return (nr_grant_frames(gt) << PAGE_SHIFT) / sizeof(grant_entry_t);
     3.5  }
     3.6  
     3.7 +static inline unsigned int
     3.8 +num_act_frames_from_sha_frames(const unsigned int num)
     3.9 +{
    3.10 +    /* How many frames are needed for the active grant table,
    3.11 +     * given the size of the shared grant table?
    3.12 +     *
    3.13 +     * act_per_page = PAGE_SIZE / sizeof(active_grant_entry_t);
    3.14 +     * sha_per_page = PAGE_SIZE / sizeof(grant_entry_t);
    3.15 +     * num_sha_entries = num * sha_per_page;
    3.16 +     * num_act_frames = (num_sha_entries + (act_per_page-1)) / act_per_page;
    3.17 +     */
    3.18 +    return ((num * (PAGE_SIZE / sizeof(grant_entry_t))) +
    3.19 +            ((PAGE_SIZE / sizeof(struct active_grant_entry))-1))
    3.20 +           / (PAGE_SIZE / sizeof(struct active_grant_entry));
    3.21 +}
    3.22 +
    3.23 +static inline unsigned int
    3.24 +nr_active_grant_frames(struct grant_table *gt)
    3.25 +{
    3.26 +    return num_act_frames_from_sha_frames(nr_grant_frames(gt));
    3.27 +}
    3.28 +
    3.29  #endif /* __XEN_GRANT_TABLE_H__ */